CISA—Certified Information Systems Auditor - Part 57

Mary Smith

Thu, 16 Apr 2026

1. Which of the following levels in the CMMI model focuses on process innovation and continuous optimization?

A) Level 4
B) Level 5
C) Level 3
D) Level 2



2. Which of the following levels in the CMMI model focuses on process definition and process deployment?

A) Level 4
B) Level 5
C) Level 3
D) Level 2



3. ISO 9126 is a standard to assist in evaluating the quality of a product. Which of the following is defined as a set of attributes that bear on the existence of a set of functions and their specified properties?

A) Reliability
B) Usability
C) Functionality
D) Maintainability



4. Which of the following ACID properties ensures that a transaction will bring the database from one valid state to another?

A) Atomicity
B) Consistency
C) Isolation
D) Durability



5. Which of the following ACID properties in a DBMS requires that each transaction is 'all or nothing'?

A) Atomicity
B) Consistency
C) Isolation
D) Durability



1. Right Answer: B
Explanation: Level 5 is the Optimizing level and focuses on process innovation and continuous optimization.

For the CISA exam you should know the following about the Capability Maturity Model Integration (CMMI) model.

Maturity model - A maturity model can be viewed as a set of structured levels that describe how well the behaviors, practices and processes of an organization can reliably and sustainably produce required outcomes.

CMMI levels - A maturity model can be used as a benchmark for comparison and as an aid to understanding, for example for comparative assessment of different organizations where there is something in common that can be used as a basis for comparison. In the case of the CMM, for example, the basis for comparison would be the organizations' software development processes.

Structure - The model involves five aspects:
Maturity Levels: a 5-level process maturity continuum, where the uppermost (5th) level is a notional ideal state in which processes would be systematically managed by a combination of process optimization and continuous process improvement.
Key Process Areas: a Key Process Area identifies a cluster of related activities that, when performed together, achieve a set of goals considered important.
Goals: the goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.
Common Features: common features include practices that implement and institutionalize a key process area. There are five types of common features: commitment to perform, ability to perform, activities performed, measurement and analysis, and verifying implementation.
Key Practices: the key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the area.

Levels - There are five levels defined along the continuum of the model and, according to the SEI: 'Predictability, effectiveness, and control of an organization's software processes are believed to improve as the organization moves up these five levels. While not rigorous, the empirical evidence to date supports this belief.'
Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new or undocumented repeat process.
Repeatable - the process is at least documented sufficiently such that repeating the same steps may be attempted.
Defined - the process is defined/confirmed as a standard business process, and decomposed to levels 0, 1 and 2 (the last being Work Instructions).
Managed - the process is quantitatively managed in accordance with agreed-upon metrics.
Optimizing - process management includes deliberate process optimization/improvement.

Within each of these maturity levels are Key Process Areas which characterize that level, and for each such area there are five factors: goals, commitment, ability, measurement, and verification. These are not necessarily unique to CMM, representing, as they do, the stages that organizations must go through on the way to becoming mature. The model provides a theoretical continuum along which process maturity can be developed incrementally from one level to the next. Skipping levels is not allowed/feasible.

Level 1 - Initial (Chaotic): It is characteristic of processes at this level that they are (typically) undocumented and in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. This provides a chaotic or unstable environment for the processes.
Level 2 - Repeatable: It is characteristic of processes at this level that some processes are repeatable, possibly with consistent results. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress.
Level 3 - Defined: It is characteristic of processes at this level that there are sets of defined and documented standard processes established and subject to some degree of improvement over time. These standard processes are in place (i.e., they are the AS-IS processes) and are used to establish consistency of process performance across the organization.
Level 4 - Managed: It is characteristic of processes at this level that, using process metrics, management can effectively control the AS-IS process (e.g., for software development). In particular, management can identify ways to adjust and adapt the process to particular projects without measurable losses of quality or deviations from specifications. Process capability is established from this level.
Level 5 - Optimizing: It is characteristic of processes at this level that the focus is on continually improving process performance through both incremental and innovative technological changes/improvements. At maturity level 5, processes are concerned with addressing statistical common causes of process variation and changing the process (for example, to shift the mean of the process performance) to improve process performance. This would be done at the same time as maintaining the likelihood of achieving the established quantitative process-improvement objectives.

The following were incorrect answers:
Level 4 - Focus on process management and process control.
Level 3 - Process definition and process deployment.
Level 2 - Performance management and work product management.

The following reference(s) were/was used to create this question:
CISA review manual 2014, page number 188

2. Right Answer: C
Explanation: Level 3 is the Defined level and focuses on process definition and process deployment. The CMMI background given in the explanation to question 1 applies here as well.

The following were incorrect answers:
Level 4 - Focus on process management and process control.
Level 5 - Process innovation and continuous optimization.
Level 2 - Performance management and work product management.

The following reference(s) were/was used to create this question:
CISA review manual 2014, page number 188

3. Right Answer: C
Explanation: Functionality - A set of attributes that bear on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Its sub-characteristics are Suitability, Accuracy, Interoperability, Security and Functionality Compliance.

For the CISA exam you should know the following about the ISO 9126 model.

ISO/IEC 9126 Software engineering - Product quality was an international standard for the evaluation of software quality. It has been replaced by ISO/IEC 25010:2011. The fundamental objective of the ISO/IEC 9126 standard is to address some of the well-known human biases that can adversely affect the delivery and perception of a software development project. These biases include changing priorities after the start of a project or not having any clear definition of 'success'. By clarifying, then agreeing on the project priorities and subsequently converting abstract priorities (compliance) to measurable values (output data can be validated against schema X with zero intervention), ISO/IEC 9126 tries to develop a common understanding of the project's objectives and goals.

ISO 9126 - The standard is divided into four parts: quality model, external metrics, internal metrics, and quality in use metrics.

Quality Model - The quality model presented in the first part of the standard, ISO/IEC 9126-1, classifies software quality in a structured set of characteristics and sub-characteristics as follows:
Functionality - A set of attributes that bear on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Sub-characteristics: Suitability, Accuracy, Interoperability, Security, Functionality Compliance.
Reliability - A set of attributes that bear on the capability of software to maintain its level of performance under stated conditions for a stated period of time. Sub-characteristics: Maturity, Fault Tolerance, Recoverability, Reliability Compliance.
Usability - A set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users. Sub-characteristics: Understandability, Learnability, Operability, Attractiveness, Usability Compliance.
Efficiency - A set of attributes that bear on the relationship between the level of performance of the software and the amount of resources used, under stated conditions. Sub-characteristics: Time Behavior, Resource Utilization, Efficiency Compliance.
Maintainability - A set of attributes that bear on the effort needed to make specified modifications. Sub-characteristics: Analyzability, Changeability, Stability, Testability, Maintainability Compliance.
Portability - A set of attributes that bear on the ability of software to be transferred from one environment to another. Sub-characteristics: Adaptability, Installability, Co-existence, Replaceability, Portability Compliance.

Each quality sub-characteristic (e.g. adaptability) is further divided into attributes. An attribute is an entity which can be verified or measured in the software product. Attributes are not defined in the standard, as they vary between different software products. Software product is defined in a broad sense: it encompasses executables, source code, architecture descriptions, and so on. As a result, the notion of user extends to operators as well as to programmers, who are users of components such as software libraries.

The standard provides a framework for organizations to define a quality model for a software product. In doing so, however, it leaves up to each organization the task of specifying precisely its own model. This may be done, for example, by specifying target values for quality metrics which evaluate the degree of presence of quality attributes.

Internal Metrics - Internal metrics are those which do not rely on software execution (static measures).
External Metrics - External metrics are applicable to running software.
Quality in Use Metrics - Quality in use metrics are only available when the final product is used in real conditions.
Ideally, the internal quality determines the external quality and the external quality determines quality in use.

This standard stems from the GE model for describing software quality, presented in 1977 by McCall et al., which is organized around three types of quality characteristics:
Factors (to specify): they describe the external view of the software, as viewed by the users.
Criteria (to build): they describe the internal view of the software, as seen by the developer.
Metrics (to control): they are defined and used to provide a scale and method for measurement.

ISO/IEC 9126 distinguishes between a defect and a nonconformity, a defect being 'the nonfulfillment of intended usage requirements', whereas a nonconformity is 'the nonfulfillment of specified requirements'. A similar distinction is made between validation and verification, known as V&V in the testing trade.

The following were incorrect answers:
Reliability - A set of attributes that bear on the capability of software to maintain its level of performance under stated conditions for a stated period of time.
Usability - A set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users.
Maintainability - A set of attributes that bear on the effort needed to make specified modifications.

The following reference(s) were/was used to create this question:
CISA review manual 2014, page number 188

4. Right Answer: B
Explanation: Consistency - The consistency property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including but not limited to constraints, cascades, triggers, and any combination thereof. This does not guarantee correctness of the transaction in all ways the application programmer might have wanted (that is the responsibility of application-level code) but merely that any programming errors do not violate any defined rules.

For the CISA exam you should know the following about the ACID properties in a DBMS.

Atomicity - Atomicity requires that each transaction is 'all or nothing': if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged. An atomic system must guarantee atomicity in each and every situation, including power failures, errors, and crashes. To the outside world, a committed transaction appears (by its effects on the database) to be indivisible ('atomic'), and an aborted transaction does not happen.
Consistency - The consistency property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including but not limited to constraints, cascades, triggers, and any combination thereof. This does not guarantee correctness of the transaction in all ways the application programmer might have wanted (that is the responsibility of application-level code) but merely that any programming errors do not violate any defined rules.
Isolation - The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other. Providing isolation is the main goal of concurrency control. Depending on the concurrency control method, the effects of an incomplete transaction might not even be visible to another transaction.
Durability - Durability means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors. In a relational database, for instance, once a group of SQL statements executes, the results need to be stored permanently (even if the database crashes immediately thereafter). To defend against power loss, transactions (or their effects) must be recorded in non-volatile memory.

The following were incorrect answers:
Atomicity - Atomicity requires that each transaction is 'all or nothing': if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged.
Isolation - The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other.
Durability - Durability means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors.

The following reference(s) were/was used to create this question:
CISA review manual 2014, page number 218

5. Right Answer: A
Explanation: Atomicity requires that each transaction is 'all or nothing': if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged. The ACID background given in the explanation to question 4 applies here as well.

The following were incorrect answers:
Consistency - The consistency property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including but not limited to constraints, cascades, triggers, and any combination thereof. This does not guarantee correctness of the transaction in all ways the application programmer might have wanted (that is the responsibility of application-level code) but merely that any programming errors do not violate any defined rules.
Isolation - The isolation property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other.
Durability - Durability means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors.

The following reference(s) were/was used to create this question:
CISA review manual 2014, page number 218
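As an added illustration (not part of the original question set), the following Python script uses the standard library's sqlite3 module to show the atomicity and consistency properties from questions 4 and 5 in action: a transfer between two accounts either commits as a whole or is rolled back, and a CHECK constraint stops an overdraft from ever leaving the ledger in an invalid state. The accounts table, the account names and the balances are constructed assumptions.

```python
"""Atomicity and consistency of ACID transactions, shown with sqlite3.

Added example; the 'accounts' table and its sample rows are constructed.
"""
import sqlite3


def open_ledger() -> sqlite3.Connection:
    """Create an in-memory ledger whose integrity rule (no negative balance)
    is enforced by the database itself through a CHECK constraint."""
    conn = sqlite3.connect(":memory:")
    conn.isolation_level = None  # manual BEGIN/COMMIT makes the transaction boundary explicit
    conn.execute(
        "CREATE TABLE accounts ("
        "  id TEXT PRIMARY KEY,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    # Constructed sample data (assumption, not from the page).
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 20)])
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst as one transaction.

    Atomicity: both UPDATEs take effect together or neither does.
    Consistency: an UPDATE that would violate the CHECK constraint (an
    overdraft) raises IntegrityError, and a missing account raises
    LookupError; either way we ROLLBACK and the ledger is left exactly
    as it was before BEGIN. Returns True on commit, False on rollback.
    """
    conn.execute("BEGIN")
    try:
        cur = conn.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        if cur.rowcount != 1:
            raise LookupError(f"unknown account {src!r}")
        cur = conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        if cur.rowcount != 1:
            raise LookupError(f"unknown account {dst!r}")
        conn.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, LookupError):
        conn.execute("ROLLBACK")  # undo the partial first UPDATE, if any
        return False


def balances(conn: sqlite3.Connection) -> dict:
    """Snapshot of every account balance, keyed by account id."""
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))


def demo() -> dict:
    """Run three transfers: one valid, one overdraft, one to a missing account."""
    conn = open_ledger()
    ok_valid = transfer(conn, "alice", "bob", 30)        # commits: alice 70, bob 50
    ok_overdraft = transfer(conn, "bob", "alice", 500)   # CHECK fails on bob, rolled back
    ok_missing = transfer(conn, "alice", "mallory", 10)  # alice debited, then no such row: rolled back
    return {"results": (ok_valid, ok_overdraft, ok_missing), "balances": balances(conn)}


if __name__ == "__main__":
    print(demo())
```

The third transfer is the interesting one for atomicity: the debit from alice succeeds inside the transaction, but because the credit finds no row the whole transaction is rolled back and alice's balance is unchanged.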
